A. to minimize the number of events affecting multiple devices for the Correlation Manager to strategize the events more quicklyB. to correlate events across multiple devices for the Correlation Manager to compare all events equallyC. to standardize events across multiple devices for the Correlation Manager to compare all events equallyD. to process the events across multiple devices for the Correlation Manager to strategize the events more quickly

Answer: C

QUESTION 146Normalization provides a unique identifier for each type of event and _____.

QUESTION 147When an event is received by the Symantec Security Information Manager (SSIM), the Event Logger component inserts events into the archive without doing other processing. This is the default behavior. Depending on the configuration and the components installed on the SSIM, how can the inserted events be processed?

QUESTION 149What information does the Correlation Manager use to identify and prioritize incidents?

A. DeepSightB. event historyC. incidentD. assets

Answer: D

QUESTION 150How can you populate the list of assets in the Correlation Manager?

A. manually add asset entries in the Identities pageB. create assets based upon computers in the Incident pane on the Incident pageC. create assets by importing data from archived database informationD. create assets based upon computers in the Source View or Target View of the Assets page “Pass Any Exam. Any Time.” – www.actualtests.com 60Symantec ST0-085 Exam

Answer: D

If you want to pass the Symantec ST0-085 Exam sucessfully, recommend to read latest SymantecST0-085 Dump full version.